WordPress Security. Be afraid, be very afraid.

Most of us are jumping onto the WordPress bandwagon these days, I know i get misty eyed when I see the amazing level of control and capabilities the open source content management platform offers. And with all good things related to technology, with widespread adoption comes enterprise level security concerns. Hackers learn how to exploit weaknesses and then have a virtual smorgasboard of vulnerable sites at their disposal. Security, as well all know, is paramount these days.

I hate to be a fearmonger but the reality is that the cyber security threat is real. We see it everyday. Many small businesses just assume their site is safe. And we all know how assumptions play out sometimes. There are two constants I tell clients – backup your data, and keep your system secure (as possible) by adding firewalls and performing frequent scans for malware and viruses.

Technology can be very frustrating at times!

Fortunately some of the sercurity measures are simple for a basic wordpress site. Anyone who runs WordPress would be well served by following this simple advice – make your usernames and passwords complex (I know, I hate it too) and trash the admin default login before you even preview your site. Install this free Wordfence Plugin, run a scan, and set the protections as you see fit (default is fine). I receive reports from my clients on hacking attempts – and they are tremendously frequent and worldwide, even on small sites with no ecommerce or stored user data. It’s scary – be afraid. Be very afraid. Fear is a healthy response to existing threats. Don’t end up like this guy!

To bring it all back to reality, here is an example of a Wordfence report that was automatically generated and emailed to me by Wordfence for a client of mine covering a one week period. Specifically, note that there were no less than 100 ourside attempts, from all over the world, to access the site. Remember, this is in a single week.

Wordfence doesn’t pay me to say nice things about them – I use their products. They have a paid premium tier for professional grade use but for the average small business, the free plugin works wonders. Obviously nothing ensures complete protection except taking your site off the internet – so let’s be reasonable here.

And striving to be leaders in this space, Wordfence also just launched this incredible new online wordpress security resource site that is filled with relevant security information for the WordPress community. Check it out – then download their plugin and shore up your wordpress site sooner rather than later. It will save you peace of mind, time, and a call to your web company to clean up a mess down the road. As Nike says – just do it.

And in addition to providing great plugins and tools, Wordfence also has assembled an intensive data repository related to WordPress Security measures. It’s well written, exhaustive, and a solid resource for anyone working in this space. Here’s the Link: https://www.wordfence.com/learn/
If you can’t find relevant info there – you’ve conquered the internet!

Finally, I would also like to thank the folks at the Seacoast (NH) WordPress Developers Meetup for introducing me to both the importance of WordPress Security and the Wordfence Plugin. I encourage anyone who uses or develops on WordPress to attend! It’s a great group of people in a casual environment that share ideas freely. I dig it.